Researchers have identified vulnerabilities in Fortinet FortiOS that can be used by threat actors for malicious activities.
The vulnerabilities are Cross-Site scripting (XSS) and Cross-Site request forgery (CSRF) vulnerabilities. These vulnerabilities have been given the CVE IDs CVE-2023-29183 with a CVSS score of 5.4 and CVE-2023-34984 with a CVSS score of 8.8.
FortiProxy – 7.2.0 through 126.96.36.199.0 through 7.0.10
FortiOS – 7.2.0 through 7.2.4,7.0.0 through 7.0.11,6.4.0 through 6.4.12,6.2.0 through 6.2.14
This vulnerability exists due to a failure in the protection mechanism in FortiWeb, which could allow a threat actor to bypass CSRF and XSS protections. The severity for this vulnerability has been given as 8.8 (High).
Affected Versions :
FortiWeb- 7.2.0 through 188.8.131.52.0 through 184.108.40.206 all versions6.3 all versions
Users of these products are recommended to upgrade to the latest versions of these products to prevent these vulnerabilities from getting exploited by threat actors.